[strongSwan-dev] TAP-Windows6 driver integration

Noel Kuntze noel at familie-kuntze.de
Tue Nov 22 00:36:13 CET 2016

On 19.11.2016 02:34, Noel Kuntze wrote:
> On 17.11.2016 12:21, Emanuil Hristov wrote:
>> > Hello,
>> > could you please binaries (as possible with charon-cmd) and tun/tap driver.
>> > I really want to test it.
> AFAIK, charon-cmd is not supported on Windows. Only charon-svc is.
> I put that topic on my TODO, but I don't know when I'll get around to doing it.
> I collected performance data as part of my bachelor thesis. It's available
> in German in a Github repo[1]. The data is displayed and discussed in the thesis.
> Contains
> - throughput data [2]
> - CPU load and memory usage in a guest (The test client was a VBox VM) [3] 
> - CPU load on the host [4] 
> [1] https://github.com/Thermi/bachelorarbeit/tree/master/Bachelorarbeit
> [2] https://github.com/Thermi/bachelorarbeit/blob/master/Bachelorarbeit/iperf_server_normalized.txt
> [3] https://github.com/Thermi/bachelorarbeit/blob/master/Bachelorarbeit/benchmark_guest.txt
> [4] https://github.com/Thermi/bachelorarbeit/blob/master/Bachelorarbeit/benchmark_data.txt

I provide complete binaries and the driver over at a HTTP server[1] that I control.
I have not tested this build. If you can not install the driver, hit me up.
The driver must be installed using devcon.exe. You also require a working OpenSSL library
for the crypto. Both can be gotten from OpenVPN for Windows. Just install it.
"devcon.exe" is at "C:\Program Files\TAP-Window\bin\tapinstall.exe". It is called "tapinstall.exe",
instead of "devcon.exe". The files in "tap-driver.tar.gz" must all be in the same directory.

The following syntax is required to install a TAP device using the driver:
"C:\Program Files\TAP-Window\bin\tapinstall.exe" install <path to OemVista.inf> tap0901

The following syntax is required to remove all TAP devices using the driver tap0901: 
"C:\Program Files\TAP-Window\bin\tapinstall.exe" remove tap0901

I do not know of a way to delete a device manually using the command line. But I think you can
do it using the device manager.

Regarding strongswan:
Put all the libs and binaries into a single directory. Create a directory "swanctl" in that directory
and store the swanctl configuration and required files in the apropriate subdirectory, as indicated
by the wiki[2].
Run `charon-svc.exe` as Administrator using cmd.exe (or powershell). You might also run it as a service.
After that, load the swanctl style configuration using the `swanctl.exe` binary in a second window.
Then initiate and control as usual. Allow all network access for `charon-svc.exe`.
If you want to load a configuration using `strongswan.conf`, then put that file into the same directory as `charon-svc.exe`.

[1] https://thermi.strangled.net/~thermi/strongswan-win32-tap/
[2] https://wiki.strongswan.org/projects/strongswan/wiki/SwanctlDirectory


Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20161122/61af2006/attachment.sig>

More information about the Dev mailing list